Computer system security is essential in the modern online culture. One aspect of computer security is ensuring that an entity that is attempting to access another entity has rights to do so (“authorization”). Before authorizing the access by the entity, a computer security system must also verify the identity of the entity (“authentication”). Often, authentication and authorization are performed responsive to a login process in which a user or process provides an identifier and a secret value, such as a password or cryptographic key.
Security relationships among various entities have evolved to a point where one entity may rely on another entity's access rights to access a given resource. For example, if a first computer has rights to send a print job to a second computer, and the second computer has rights to send the print job to a networked printer, the first computer may attempt to submit the print job to the second computer (i.e., the intermediate entity) for printing on the networked printer. This multi-stage access typically requires individual authentications and authorizations at each stage. That is, the first computer is authenticated and authorized to access the second computer, and the second computer is authenticated and authorized to access the networked printer.
At least two disadvantages are presented by the multi-stage authentication and authorization of the security process. First, in many configurations, authentication and authorization are performed with the involvement of a security manager. Often, this security manager is a process that maintains security data for many entities on a network. The multi-stage security process requires the security manager to perform authentication and authorization twice. In a busy network, the multi-stage security process can cause a bottleneck at the security manager. Second, each entity (e.g., each computer) must also participate in authentication and authorization, thereby expending resources of both entities and the security manager.